package com.uplooking;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.uplooking.filter.TokenFilter;


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private TokenFilter tokenFilter;

	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		//放行路由
		http.authorizeRequests().antMatchers("/comm/**").permitAll();
		
		//添加过滤器 在验证业务之前 先执行过滤业务
		http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
		
		//其他路由必须要验证 设置不需要会话存储(会影响安全退出) 一切基于Cookie
		http.authorizeRequests().anyRequest().authenticated()
			.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
		
		//路由安全
		http.csrf().disable().cors();
	}
	
}
